Category Archives: Advisories

Post Title

Read Time:32 Second

A vulnerability has been discovered in specific WSO2 products, which could allow for remote code execution. WSO2 is an open-source technology provider. It offers an enterprise platform for integrating application programming interfaces (API), applications, and web services locally and across the Internet. Successful exploitation of this vulnerability could allow for remote code execution. Depending on the privileges associated with the user, an attacker could then install programs; view; change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

Read More

recutils-1.9-1.fc36

Read Time:12 Second

FEDORA-2022-17787e290f

Packages in this update:

recutils-1.9-1.fc36

Update description:

New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
Use %%gpgverify macro
Remove recutils-shared-lib-calls-exit.patch
Install rec-mode.el from a separate source

Read More

recutils-1.9-1.fc35

Read Time:12 Second

FEDORA-2022-4e6bd7ca62

Packages in this update:

recutils-1.9-1.fc35

Update description:

New upstream release (#2075962, #2047809, #2047807, #2047805, #2046941)
Use %%gpgverify macro
Remove recutils-shared-lib-calls-exit.patch
Install rec-mode.el from a separate source

Read More

USN-5376-3: Git regression

Read Time:15 Second

USN-5376-1 fixed vulnerabilities in Git, some patches were missing to properly fix
the issue. This update fixes the problem.

Original advisory details:

俞晨东 discovered that Git incorrectly handled certain repository paths
in platforms with multiple users support. An attacker could possibly use
this issue to run arbitrary commands.

Read More

CVE-2021-24957

Read Time:13 Second

The Advanced Page Visit Counter WordPress plugin through 5.0.8 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenticated user, leading to a SQL injection

Read More

CVE-2021-25094

Read Time:24 Second

The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress’s upload directory. By adding a PHP shell with a filename starting with a dot “.”, this can bypass extension control implemented in the plugin. Moreover, there is a race condition in the zip extraction process which makes the shell file live long enough on the filesystem to be callable by an attacker.

Read More

CVE-2021-25111

Read Time:9 Second

The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue

Read More

CVE-2021-24800

Read Time:10 Second

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.

Read More

CVE-2021-24805

Read Time:13 Second

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status.

Read More